doc: add security-steward rotation information
Add information about security stewards and
rotation.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41707
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
mhdawson authored and danielleadams committed Mar 14, 2022

Verified

This commit was signed with the committer’s verified signature.
danielleadams Danielle Adams
1 parent 14ea8fc commit 4f194f3
Showing 2 changed files with 46 additions and 0 deletions.
24 changes: 24 additions & 0 deletions README.md
@@ -732,6 +732,30 @@ use these keys to verify a downloaded file.

</details>

### Security release stewards

When possible, the commitment to take slots in the
security release steward rotation is made by companies in order
to ensure individuals who act as security stewards have the
support and recognition from their employer to be able to
prioritize security releases. Security release stewards manage security
releases on a rotation basis as outlined in the
[security release process](./doc/contributing/security-release-process.md).

* Datadog
* [bengl](https://github.com/bengl) -
**Bryan English** <<bryan@bryanenglish.com>> (he/him)
* [vdeturckheim](https://github.com/vdeturckheim) -
**Vladimir de Turckheim** <<vlad2t@hotmail.com>> (he/him)
* NearForm
* [mcollina](https://github.com/mcollina) -
**Matteo Collina** <<matteo.collina@gmail.com>> (he/him)
* Red Hat and IBM
* [joesepi](https://github.com/joesepi)-
**Joe Sepi** <<joesepi@ibm.com>> (he/him)
* [mhdawson](https://github.com/mhdawson) -
**Michael Dawson** <<midawson@redhat.com>> (he/him)

## License

Node.js is available under the
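Review bot: In the Red Hat and IBM entry, `[joesepi](https://github.com/joesepi)-` is missing the space before the hyphen that every other entry in this list has. Change it to `[joesepi](https://github.com/joesepi) -` so the entries stay consistent.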
22 changes: 22 additions & 0 deletions doc/contributing/security-release-process.md
@@ -6,6 +6,28 @@ Security Release and used to track progress on the release. It contains _**TEXT
LIKE THIS**_ which will be replaced during the release process with the
information described.

## Security release stewards

For each security release, a security steward will take ownership for
coordinating the steps outlined in this process. Security stewards
are nominated through an issue in the TSC repository and approved
through the regular TSC consensus process. Once approved, they
are given access to all of the resources needed to carry out the
steps listed in the process as outlined in
[security steward on/off boarding](security-steward-on-off-boarding.md).

The current security stewards are documented in the main Node.js
[README.md](https://github.com/nodejs/node#security-release-stewards).

| Company | Person | Release Date |
| ---------- | -------- | ------------ |
| NearForm | Matteo | 2021-Oct-12 |
| Datadog | Bryan | 2022-Jan-10 |
| RH and IBM | Joe | |
| NearForm | Matteo | |
| Datadog | Vladimir | |
| RH and IBM | Michael | |

## Planning

* [ ] Open an [issue](https://github.com/nodejs-private/node-private) titled
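Review bot: The rotation table identifies stewards by first name only (`Matteo`, `Bryan`, `Joe`) and shortens the company to `RH and IBM`, while the README section added in this same commit lists GitHub handles and `Red Hat and IBM`. Suggest using the handles (for example `@mcollina`) and the full company name so each row maps unambiguously to a README entry. The paragraph above the table also links to `security-steward-on-off-boarding.md`, which is not one of the two files changed in this commit, so it is worth confirming the file already exists at that path before merging.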
